[R45phpbbmods-checkins] user_search/admin admin_user_search.php,1.8,1.9
From: Adam A. <ra...@us...> - 2004-12-31 05:27:07
Update of /cvsroot/r45phpbbmods/user_search/admin In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv10343/admin Modified Files: admin_user_search.php Log Message: ## 2004/12/31 - Version 1.0.2 ## - Fixed bug in Moderators Query (Ommited forum clause) (Credits to JRSweets) ## - Fixed bug in Group Selecting where total SQL returned maximum 1 row (Credits to nanjang) ## - Fixed bug where users would be selected twice if the had moderation permissions set by ## a group and their individual permissions ## - Removed SQL Injection vulnerability ## - Fixed bug with incorrect language file calls ## - Added Sorting of results by Last Visit ## - Included Last Visit in results ## - Added Field of Last Visit to the Search Options Index: admin_user_search.php =================================================================== RCS file: /cvsroot/r45phpbbmods/user_search/admin/admin_user_search.php,v retrieving revision 1.8 retrieving revision 1.9 diff -C2 -d -r1.8 -r1.9 *** admin_user_search.php 17 Nov 2004 22:45:16 -0000 1.8 --- admin_user_search.php 31 Dec 2004 05:26:54 -0000 1.9 *************** *** 101,104 **** --- 101,112 ---- $styles_list = style_select('', 'style_type'); + $lastvisited = array(1, 7, 14, 30, 60, 120, 365, 500, 730, 1000); + $lastvisited_list = ''; + + foreach($lastvisited as $days) + { + $lastvisited_list .= '<option value="'.$days.'">'.$days.' '. ( ( $days > 1 ) ? 
$lang['Days'] : $lang['Day'] ) .'</option>'; + } + $template->set_filenames(array( "body" => "admin/admin_user_search_form.tpl" *************** *** 142,145 **** --- 150,157 ---- 'L_INTERESTS' => $lang['Interests'], 'L_OCCUPATION' => $lang['Occupation'], + 'L_LASTVISITED' => $lang['Search_users_lastvisited'], + 'L_IN_THE_LAST' => $lang['in_the_last'], + 'L_AFTER_THE_LAST' => $lang['after_the_last'], + 'L_LASTVISITED_EXPLAIN' => $lang['Search_users_lastvisited_explain'], 'L_LANGUAGE' => $lang['Board_lang'], 'L_LANGUAGE_EXPLAIN' => $lang['Search_users_language_explain'], *************** *** 160,163 **** --- 172,176 ---- 'FORUMS_LIST' => $forums_list, 'STYLE_LIST' => $styles_list, + 'LASTVISITED_LIST' => $lastvisited_list, 'S_SEARCH_ACTION' => append_sid("admin_user_search.$phpEx") *************** *** 197,200 **** --- 210,217 ---- $mode = 'search_userfield'; } + else if(isset($HTTP_POST_VARS['search_lastvisited'])||isset($HTTP_GET_VARS['search_lastvisited'])) + { + $mode = 'search_lastvisited'; + } else if(isset($HTTP_POST_VARS['search_language'])||isset($HTTP_GET_VARS['search_language'])) { *************** *** 222,226 **** { case 'search_username': ! $username = ( isset($HTTP_GET_VARS['username']) ) ? rawurldecode($HTTP_GET_VARS['username']) : $HTTP_POST_VARS['username']; $regex = ( $HTTP_POST_VARS['search_username_regex'] ) ? true : ( $HTTP_GET_VARS['regex'] ) ? true : false; --- 239,243 ---- { case 'search_username': ! $username = ( isset($HTTP_GET_VARS['username']) ) ? $HTTP_GET_VARS['username'] : $HTTP_POST_VARS['username']; $regex = ( $HTTP_POST_VARS['search_username_regex'] ) ? true : ( $HTTP_GET_VARS['regex'] ) ? true : false; *************** *** 232,236 **** break; case 'search_email': ! $email = ( isset($HTTP_GET_VARS['email']) ) ? rawurldecode($HTTP_GET_VARS['email']) : $HTTP_POST_VARS['email']; $regex = ( $HTTP_POST_VARS['search_email_regex'] ) ? true : ( $HTTP_GET_VARS['regex'] ) ? true : false; --- 249,253 ---- break; case 'search_email': ! 
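Review bot: The input reads in this `switch` carry no comment saying why `rawurldecode()` was dropped, so a later edit could put it back. PHP has already URL-decoded `$HTTP_GET_VARS`; a second decode would run after whatever quote escaping the board applies to request data (presumably in its bootstrap, not visible here) and can undo it. I would add above `case 'search_username':` the comment `// Request values arrive URL-decoded; never rawurldecode() them again, it undoes input escaping.` The same applies to the email, ip, joindate, group, postcount, userfield, language, timezone, style, moderators and misc hunks that follow. The `switch` starts and ends outside these hunks.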
$email = ( isset($HTTP_GET_VARS['email']) ) ? $HTTP_GET_VARS['email'] : $HTTP_POST_VARS['email']; $regex = ( $HTTP_POST_VARS['search_email_regex'] ) ? true : ( $HTTP_GET_VARS['regex'] ) ? true : false; *************** *** 242,246 **** break; case 'search_ip': ! $ip_address = ( isset($HTTP_POST_VARS['ip_address'] ) ) ? $HTTP_POST_VARS['ip_address'] : rawurldecode($HTTP_GET_VARS['ip_address']); if(!$ip_address) --- 259,263 ---- break; case 'search_ip': ! $ip_address = ( isset($HTTP_POST_VARS['ip_address'] ) ) ? $HTTP_POST_VARS['ip_address'] : $HTTP_GET_VARS['ip_address']; if(!$ip_address) *************** *** 250,257 **** break; case 'search_joindate': ! $date_type = ( isset($HTTP_POST_VARS['date_type'] ) ) ? $HTTP_POST_VARS['date_type'] : rawurldecode($HTTP_GET_VARS['date_type']); ! $date_day = ( isset($HTTP_POST_VARS['date_day'] ) ) ? $HTTP_POST_VARS['date_day'] : rawurldecode($HTTP_GET_VARS['date_day']); ! $date_month = ( isset($HTTP_POST_VARS['date_month'] ) ) ? $HTTP_POST_VARS['date_month'] : rawurldecode($HTTP_GET_VARS['date_month']); ! $date_year = ( isset($HTTP_POST_VARS['date_year'] ) ) ? $HTTP_POST_VARS['date_year'] : rawurldecode($HTTP_GET_VARS['date_year']); if(!$date_type || !$date_day || !$date_month || !$date_year) --- 267,274 ---- break; case 'search_joindate': ! $date_type = ( isset($HTTP_POST_VARS['date_type'] ) ) ? $HTTP_POST_VARS['date_type'] : $HTTP_GET_VARS['date_type']; ! $date_day = ( isset($HTTP_POST_VARS['date_day'] ) ) ? $HTTP_POST_VARS['date_day'] : $HTTP_GET_VARS['date_day']; ! $date_month = ( isset($HTTP_POST_VARS['date_month'] ) ) ? $HTTP_POST_VARS['date_month'] : $HTTP_GET_VARS['date_month']; ! $date_year = ( isset($HTTP_POST_VARS['date_year'] ) ) ? $HTTP_POST_VARS['date_year'] : $HTTP_GET_VARS['date_year']; if(!$date_type || !$date_day || !$date_month || !$date_year) *************** *** 261,265 **** break; case 'search_group': ! $group_id = ( isset($HTTP_POST_VARS['group_id'] ) ) ? 
$HTTP_POST_VARS['group_id'] : rawurldecode($HTTP_GET_VARS['group_id']); if(!$group_id) { --- 278,282 ---- break; case 'search_group': ! $group_id = ( isset($HTTP_POST_VARS['group_id'] ) ) ? $HTTP_POST_VARS['group_id'] : $HTTP_GET_VARS['group_id']; if(!$group_id) { *************** *** 268,273 **** break; case 'search_postcount': ! $postcount_type = ( isset($HTTP_POST_VARS['postcount_type'] ) ) ? $HTTP_POST_VARS['postcount_type'] : rawurldecode($HTTP_GET_VARS['postcount_type']); ! $postcount_value = ( isset($HTTP_POST_VARS['postcount_value'] ) ) ? $HTTP_POST_VARS['postcount_value'] : rawurldecode($HTTP_GET_VARS['postcount_value']); if(!$postcount_type || ( !$postcount_value && $postcount_value != 0)) --- 285,290 ---- break; case 'search_postcount': ! $postcount_type = ( isset($HTTP_POST_VARS['postcount_type'] ) ) ? $HTTP_POST_VARS['postcount_type'] : $HTTP_GET_VARS['postcount_type']; ! $postcount_value = ( isset($HTTP_POST_VARS['postcount_value'] ) ) ? $HTTP_POST_VARS['postcount_value'] : $HTTP_GET_VARS['postcount_value']; if(!$postcount_type || ( !$postcount_value && $postcount_value != 0)) *************** *** 277,282 **** break; case 'search_userfield': ! $userfield_type = ( isset($HTTP_POST_VARS['userfield_type'] ) ) ? $HTTP_POST_VARS['userfield_type'] : rawurldecode($HTTP_GET_VARS['userfield_type']); ! $userfield_value = ( isset($HTTP_POST_VARS['userfield_value'] ) ) ? $HTTP_POST_VARS['userfield_value'] : rawurldecode($HTTP_GET_VARS['userfield_value']); $regex = ( $HTTP_POST_VARS['search_userfield_regex'] ) ? true : ( $HTTP_GET_VARS['regex'] ) ? true : false; --- 294,299 ---- break; case 'search_userfield': ! $userfield_type = ( isset($HTTP_POST_VARS['userfield_type'] ) ) ? $HTTP_POST_VARS['userfield_type'] : $HTTP_GET_VARS['userfield_type']; ! $userfield_value = ( isset($HTTP_POST_VARS['userfield_value'] ) ) ? $HTTP_POST_VARS['userfield_value'] : $HTTP_GET_VARS['userfield_value']; $regex = ( $HTTP_POST_VARS['search_userfield_regex'] ) ? 
true : ( $HTTP_GET_VARS['regex'] ) ? true : false; *************** *** 287,292 **** break; case 'search_language': ! $language_type = ( isset($HTTP_POST_VARS['language_type'] ) ) ? $HTTP_POST_VARS['language_type'] : rawurldecode($HTTP_GET_VARS['language_type']); if(!$language_type) --- 304,319 ---- break; + case 'search_lastvisited': + $lastvisited_days = ( isset($HTTP_POST_VARS['lastvisited_days'] ) ) ? $HTTP_POST_VARS['lastvisited_days'] : $HTTP_GET_VARS['lastvisited_days']; + $lastvisited_type = ( isset($HTTP_POST_VARS['lastvisited_type'] ) ) ? $HTTP_POST_VARS['lastvisited_type'] : $HTTP_GET_VARS['lastvisited_type']; + + if(!$lastvisited_days || !$lastvisited_type) + { + message_die(GENERAL_MESSAGE, $lang['Search_invalid_lastvisited']); + } + + break; case 'search_language': ! $language_type = ( isset($HTTP_POST_VARS['language_type'] ) ) ? $HTTP_POST_VARS['language_type'] : $HTTP_GET_VARS['language_type']; if(!$language_type) *************** *** 297,301 **** break; case 'search_timezone': ! $timezone_type = ( isset($HTTP_POST_VARS['timezone_type'] ) ) ? $HTTP_POST_VARS['timezone_type'] : rawurldecode($HTTP_GET_VARS['timezone_type']); if(!$timezone_type && $timezone_type != 0) --- 324,328 ---- break; case 'search_timezone': ! $timezone_type = ( isset($HTTP_POST_VARS['timezone_type'] ) ) ? $HTTP_POST_VARS['timezone_type'] : $HTTP_GET_VARS['timezone_type']; if(!$timezone_type && $timezone_type != 0) *************** *** 306,310 **** break; case 'search_style': ! $style_type = ( isset($HTTP_POST_VARS['style_type'] ) ) ? $HTTP_POST_VARS['style_type'] : rawurldecode($HTTP_GET_VARS['style_type']); if(!$style_type) --- 333,337 ---- break; case 'search_style': ! $style_type = ( isset($HTTP_POST_VARS['style_type'] ) ) ? $HTTP_POST_VARS['style_type'] : $HTTP_GET_VARS['style_type']; if(!$style_type) *************** *** 315,319 **** break; case 'search_moderators': ! $moderators_forum = ( isset($HTTP_POST_VARS['moderators_forum'] ) ) ? 
$HTTP_POST_VARS['moderators_forum'] : rawurldecode($HTTP_GET_VARS['moderators_forum']); if(!$moderators_forum) --- 342,346 ---- break; case 'search_moderators': ! $moderators_forum = ( isset($HTTP_POST_VARS['moderators_forum'] ) ) ? $HTTP_POST_VARS['moderators_forum'] : $HTTP_GET_VARS['moderators_forum']; if(!$moderators_forum) *************** *** 325,329 **** case 'search_misc': default: ! $misc = ( isset($HTTP_POST_VARS['misc'] ) ) ? $HTTP_POST_VARS['misc'] : rawurldecode($HTTP_GET_VARS['misc']); if(!$misc) { --- 352,356 ---- case 'search_misc': default: ! $misc = ( isset($HTTP_POST_VARS['misc'] ) ) ? $HTTP_POST_VARS['misc'] : $HTTP_GET_VARS['misc']; if(!$misc) { *************** *** 334,338 **** $base_url = "admin_user_search.$phpEx?dosearch=true"; ! $select_sql = "SELECT u.user_id, u.username, u.user_email, u.user_posts, u.user_regdate, u.user_level, u.user_active FROM ".USERS_TABLE." AS u"; --- 361,365 ---- $base_url = "admin_user_search.$phpEx?dosearch=true"; ! $select_sql = "SELECT u.user_id, u.username, u.user_email, u.user_posts, u.user_regdate, u.user_level, u.user_active, u.user_lastvisit FROM ".USERS_TABLE." AS u"; *************** *** 692,697 **** WHERE u.user_id = ug.user_id AND ug.group_id = $group_id ! AND u.user_id <> ".ANONYMOUS." ! GROUP BY u.user_id"; $select_sql .= ", ".USER_GROUP_TABLE." AS ug --- 719,723 ---- WHERE u.user_id = ug.user_id AND ug.group_id = $group_id ! AND u.user_id <> ".ANONYMOUS; $select_sql .= ", ".USER_GROUP_TABLE." AS ug *************** *** 712,716 **** $postcount_value = intval($postcount_value); ! $text = sprintf($lang['Search_by_postcount_greater'], $postcount_value); $total_sql .= "SELECT COUNT(user_id) AS total --- 738,742 ---- $postcount_value = intval($postcount_value); ! $text = sprintf($lang['Search_for_postcount_greater'], $postcount_value); $total_sql .= "SELECT COUNT(user_id) AS total *************** *** 725,729 **** $postcount_value = intval($postcount_value); ! 
$text = sprintf($lang['Search_by_postcount_lesser'], $postcount_value); $total_sql .= "SELECT COUNT(user_id) AS total --- 751,755 ---- $postcount_value = intval($postcount_value); ! $text = sprintf($lang['Search_for_postcount_lesser'], $postcount_value); $total_sql .= "SELECT COUNT(user_id) AS total *************** *** 749,753 **** } ! $text = sprintf($lang['Search_by_postcount_range'], $range_begin, $range_end); $total_sql .= "SELECT COUNT(user_id) AS total --- 775,779 ---- } ! $text = sprintf($lang['Search_for_postcount_range'], $range_begin, $range_end); $total_sql .= "SELECT COUNT(user_id) AS total *************** *** 765,769 **** $postcount_value = intval($postcount_value); ! $text = sprintf($lang['Search_by_postcount_equals'], $postcount_value); $total_sql .= "SELECT COUNT(user_id) AS total --- 791,795 ---- $postcount_value = intval($postcount_value); ! $text = sprintf($lang['Search_for_postcount_equals'], $postcount_value); $total_sql .= "SELECT COUNT(user_id) AS total *************** *** 867,870 **** --- 893,934 ---- break; + case 'search_lastvisited': + $lastvisited_type = trim(strtolower($lastvisited_type)); + $lastvisited_days = intval($lastvisited_days); + + $base_url .= "&search_lastvisited=true&lastvisited_type=".rawurlencode($lastvisited_type)."&lastvisited_days=".rawurlencode($lastvisited_days); + + $lastvisited_seconds = ( time() - ( ( ( $lastvisited_days * 24 ) * 60 ) * 60 ) ); + + switch($lastvisited_type) + { + case 'in': + $text = sprintf($lang['Search_for_lastvisited_inthelast'], $lastvisited_days, ( ( $lastvisited_days > 1 ) ? $lang['Days'] : $lang['Day'] ) ); + + $total_sql .= "SELECT COUNT(user_id) AS total + FROM ".USERS_TABLE." + WHERE user_lastvisit >= $lastvisited_seconds + AND user_id <> ".ANONYMOUS; + + $select_sql .= " WHERE u.user_lastvisit >= $lastvisited_seconds + AND u.user_id <> ".ANONYMOUS; + break; + case 'after': + $text = sprintf($lang['Search_for_lastvisited_afterthelast'], $lastvisited_days, ( ( $lastvisited_days > 1 ) ? 
$lang['Days'] : $lang['Day'] )); + + $total_sql .= "SELECT COUNT(user_id) AS total + FROM ".USERS_TABLE." + WHERE user_lastvisit < $lastvisited_seconds + AND user_id <> ".ANONYMOUS; + + $select_sql .= " WHERE u.user_lastvisit < $lastvisited_seconds + AND u.user_id <> ".ANONYMOUS; + + break; + default: + message_die(GENERAL_MESSAGE, $lang['Search_invalid_lastvisited']); + } + + break; case 'search_language': $base_url .= "&search_language=true&language_type=".rawurlencode($language_type); *************** *** 959,970 **** $text = sprintf($lang['Search_for_moderators'], strip_tags(htmlspecialchars($forum_name['forum_name']))); ! $total_sql .= "SELECT COUNT(u.user_id) AS total FROM ".USERS_TABLE." AS u, ".GROUPS_TABLE." AS g, ".USER_GROUP_TABLE." AS ug, ".AUTH_ACCESS_TABLE." AS aa WHERE u.user_id = ug.user_id AND ug.group_id = g.group_id AND g.group_id = aa.group_id AND aa.auth_mod = 1 ! AND u.user_id <> ".ANONYMOUS." ! GROUP BY (u.user_id)"; $select_sql .= ", ".GROUPS_TABLE." AS g, ".USER_GROUP_TABLE." AS ug, ".AUTH_ACCESS_TABLE." AS aa --- 1023,1034 ---- $text = sprintf($lang['Search_for_moderators'], strip_tags(htmlspecialchars($forum_name['forum_name']))); ! $total_sql .= "SELECT COUNT(DISTINCT u.user_id) AS total FROM ".USERS_TABLE." AS u, ".GROUPS_TABLE." AS g, ".USER_GROUP_TABLE." AS ug, ".AUTH_ACCESS_TABLE." AS aa WHERE u.user_id = ug.user_id AND ug.group_id = g.group_id AND g.group_id = aa.group_id + AND aa.forum_id = ". $moderators_forum ." AND aa.auth_mod = 1 ! AND u.user_id <> ".ANONYMOUS; $select_sql .= ", ".GROUPS_TABLE." AS g, ".USER_GROUP_TABLE." AS ug, ".AUTH_ACCESS_TABLE." AS aa *************** *** 972,977 **** AND ug.group_id = g.group_id AND g.group_id = aa.group_id AND aa.auth_mod = 1 ! AND u.user_id <> ".ANONYMOUS; break; case 'search_misc': --- 1036,1043 ---- AND ug.group_id = g.group_id AND g.group_id = aa.group_id + AND aa.forum_id = ". $moderators_forum ." AND aa.auth_mod = 1 ! AND u.user_id <> ".ANONYMOUS." ! 
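Review bot: `$lastvisited_days` is only tested before the `intval()` cast in `case 'search_lastvisited':`, so a non-numeric or negative value passes the earlier `!$lastvisited_days` check and becomes 0 or a negative number here. With 0 the cutoff equals `time()` and a negative value puts it in the future, so both the 'in' and 'after' result sets and the printed heading are meaningless. After the cast I would add `if ( $lastvisited_days < 1 ) { message_die(GENERAL_MESSAGE, $lang['Search_invalid_lastvisited']); }`. The cast and the inner `switch` default do keep both values safe for the SQL text and the rebuilt `$base_url`.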
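Review bot: The added `AND aa.forum_id = ". $moderators_forum ."` places a request value into `$total_sql` as a bare number, where quote escaping gives no protection, and no integer cast is visible in this hunk. If the lines above the hunk (where `$forum_name` is looked up) do not already do it, add `$moderators_forum = intval($moderators_forum);` before the query is built. The same clause is added to `$select_sql` in the next hunk (972/1036), and the context line `AND ug.group_id = $group_id` in the group hunk has the same shape and deserves the same check.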
GROUP BY u.user_id, u.username, u.user_email, u.user_posts, u.user_regdate, u.user_level, u.user_active, u.user_lastvisit"; break; case 'search_misc': *************** *** 1071,1074 **** --- 1137,1145 ---- $select_sql .= "u.user_email"; break; + case 'lastvisit': + $sort = 'user_lastvisit'; + + $select_sql .= "u.user_lastvisit"; + break; case 'username': default: *************** *** 1156,1159 **** --- 1227,1231 ---- 'L_POSTS' => $lang['Posts'], 'L_JOINDATE' => $lang['Joined'], + 'L_LASTVISIT' => $lang['Last_visit'], 'L_MANAGE' => $lang['Manage'], 'L_PERMISSIONS' => $lang['Permissions'], *************** *** 1168,1171 **** --- 1240,1244 ---- 'U_POSTS' => ( ( $sort == 'posts' ) ? append_sid("$base_url&sort=$sort&order=$o_order") : append_sid("$base_url&sort=posts&order=$order") ), 'U_JOINDATE' => ( ( $sort == 'regdate' ) ? append_sid("$base_url&sort=$sort&order=$o_order") : append_sid("$base_url&sort=regdate&order=$order") ), + 'U_LASTVISIT' => ( ( $sort == 'lastvisit' ) ? append_sid("$base_url&sort=$sort&order=$o_order") : append_sid("$base_url&sort=lastvisit&order=$order") ), 'S_POST_ACTION' => append_sid("$base_url&sort=$sort&order=$order") *************** *** 1213,1216 **** --- 1286,1290 ---- 'EMAIL' => $rowset[$i]['user_email'], 'JOINDATE' => create_date($board_config['default_dateformat'], $rowset[$i]['user_regdate'], $board_config['board_timezone']), + 'LASTVISIT' => create_date($board_config['default_dateformat'], $rowset[$i]['user_lastvisit'], $board_config['board_timezone']), 'POSTS' => $rowset[$i]['user_posts'], 'BAN' => ( ( !isset($banned[$rowset[$i]['user_id']]) ) ? $lang['Not_banned'] : $lang['Banned'] ), |
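Review bot: The new `case 'lastvisit':` assigns `$sort = 'user_lastvisit'`, but the `U_LASTVISIT` link added further down tests `$sort == 'lastvisit'` and the other URLs emit `sort=$sort`. Unless `$sort` is reset between the two places (not visible here), the Last Visit column can never flip its order, and follow-up requests carry `sort=user_lastvisit`, which would fall through to the `username` default. Using `$sort = 'lastvisit';` would match what the comparison and the `case` label expect. The sort `switch` begins and ends outside this hunk.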